feat: support sts vpc endpoint

yndu13 · yndu13 · commit 410338b1831f · 2025-03-04T15:38:54.000+08:00
diff --git a/src/Credential/RefreshResult.php b/src/Credential/RefreshResult.php
@@ -4,8 +4,6 @@
 
 use AlibabaCloud\Credentials\Providers\Credentials;
 
-use function PHPUnit\Framework\isNull;
-
 class RefreshResult
 {
 
diff --git a/src/Providers/OIDCRoleArnCredentialsProvider.php b/src/Providers/OIDCRoleArnCredentialsProvider.php
@@ -167,12 +167,16 @@ private function filterPolicy(array $params)
 
     private function filterSTSEndpoint(array $params)
     {
+        $prefix = 'sts';
+        if (Helper::envNotEmpty('ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED') || (isset($params['enableVpc']) && $params['enableVpc'] === true)) {
+            $prefix = 'sts-vpc';
+        }
         if (Helper::envNotEmpty('ALIBABA_CLOUD_STS_REGION')) {
-            $this->stsEndpoint = 'sts' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';
+            $this->stsEndpoint = $prefix . '.' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';
         }
 
         if (isset($params['stsRegionId'])) {
-            $this->stsEndpoint = 'sts' . $params['stsRegionId'] . '.aliyuncs.com';
+            $this->stsEndpoint = $prefix . '.' . $params['stsRegionId'] . '.aliyuncs.com';
         }
 
         if (isset($params['stsEndpoint'])) {
@@ -249,7 +253,7 @@ public function refreshCredentials()
             'securityToken' => $credentials['SecurityToken'],
             'expiration' => \strtotime($credentials['Expiration']),
             'providerName' => $this->getProviderName(),
-        ]), $this->getStaleTime(strtotime($credentials['Expiration'])) );
+        ]), $this->getStaleTime(strtotime($credentials['Expiration'])));
     }
 
     public function key()
diff --git a/src/Providers/RamRoleArnCredentialsProvider.php b/src/Providers/RamRoleArnCredentialsProvider.php
@@ -149,12 +149,16 @@ private function filterExternalId(array $params)
 
     private function filterSTSEndpoint(array $params)
     {
+        $prefix = 'sts';
+        if (Helper::envNotEmpty('ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED') || (isset($params['enableVpc']) && $params['enableVpc'] === true)) {
+            $prefix = 'sts-vpc';
+        }
         if (Helper::envNotEmpty('ALIBABA_CLOUD_STS_REGION')) {
-            $this->stsEndpoint = 'sts.' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';
+            $this->stsEndpoint = $prefix . '.' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';
         }
 
         if (isset($params['stsRegionId'])) {
-            $this->stsEndpoint = 'sts.' . $params['stsRegionId'] . '.aliyuncs.com';
+            $this->stsEndpoint = $prefix . '.' . $params['stsRegionId'] . '.aliyuncs.com';
         }
 
         if (isset($params['stsEndpoint'])) {
diff --git a/tests/Unit/Providers/OIDCRoleArnCredentialsProviderTest.php b/tests/Unit/Providers/OIDCRoleArnCredentialsProviderTest.php
@@ -46,6 +46,7 @@ public function testConstruct()
             'durationSeconds' => 3600,
             'policy' => 'policy',
             'stsRegionId' => 'cn-beijing',
+            'enableVpc' => true,
             'stsEndpoint' => 'sts.cn-zhangjiakou.aliyuncs.com'
         ];
         $config = [
@@ -57,6 +58,7 @@ public function testConstruct()
         putenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE=/b/c");
         putenv("ALIBABA_CLOUD_ROLE_SESSION_NAME=sessionName");
         putenv("ALIBABA_CLOUD_STS_REGION=cn-hangzhou");
+        putenv("ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED=true");
 
         $provider = new OIDCRoleArnCredentialsProvider($params, $config);
         self::assertEquals('oidc_role_arn', $provider->getProviderName());
@@ -77,7 +79,7 @@ public function testConstruct()
         $policy = $this->getPrivateField($provider, 'policy');
         $oidcTokenFilePath = $this->getPrivateField($provider, 'oidcTokenFilePath');
         $durationSeconds = $this->getPrivateField($provider, 'durationSeconds');
-        self::assertEquals('stscn-hangzhou.aliyuncs.com', $stsEndpoint);
+        self::assertEquals('sts-vpc.cn-hangzhou.aliyuncs.com', $stsEndpoint);
         self::assertNull($policy);
         self::assertEquals('/b/c', $oidcTokenFilePath);
         self::assertEquals(3600, $durationSeconds);
@@ -87,6 +89,7 @@ public function testConstruct()
         putenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE=");
         putenv("ALIBABA_CLOUD_ROLE_SESSION_NAME=");
         putenv("ALIBABA_CLOUD_STS_REGION=");
+        putenv("ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED=");
     }
 
     public function testConstructErrorRoleArn()
diff --git a/tests/Unit/Providers/RamRoleArnCredentialsProviderTest.php b/tests/Unit/Providers/RamRoleArnCredentialsProviderTest.php
@@ -47,6 +47,7 @@ public function testConstruct()
             'policy' => 'policy',
             'externalId' => 'externalId',
             'stsRegionId' => 'cn-beijing',
+            'enableVpc' => true,
             'stsEndpoint' => 'sts.cn-zhangjiakou.aliyuncs.com'
         ];
         $config = [
@@ -56,6 +57,7 @@ public function testConstruct()
         putenv("ALIBABA_CLOUD_ROLE_ARN=roleArn");
         putenv("ALIBABA_CLOUD_ROLE_SESSION_NAME=sessionName");
         putenv("ALIBABA_CLOUD_STS_REGION=cn-hangzhou");
+        putenv("ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED=true");
 
         $provider = new RamRoleArnCredentialsProvider($params, $config);
 
@@ -86,12 +88,13 @@ public function testConstruct()
         self::assertEquals('ram_role_arn#credential#foo#roleArn#roleArn#roleSessionName#sessionName', $provider->key());
         $stsEndpoint = $this->getPrivateField($provider, 'stsEndpoint');
         $externalId = $this->getPrivateField($provider, 'externalId');
-        self::assertEquals('sts.cn-hangzhou.aliyuncs.com', $stsEndpoint);
+        self::assertEquals('sts-vpc.cn-hangzhou.aliyuncs.com', $stsEndpoint);
         self::assertNull($externalId);
 
         putenv("ALIBABA_CLOUD_ROLE_ARN=");
         putenv("ALIBABA_CLOUD_ROLE_SESSION_NAME=");
         putenv("ALIBABA_CLOUD_STS_REGION=");
+        putenv("ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED=");
     }
 
     public function testConstructErrorCredentials()

Original file line number	Diff line number	Diff line change
`@@ -4,8 +4,6 @@`
`4`	`4`
`5`	`5`	`use AlibabaCloud\Credentials\Providers\Credentials;`
`6`	`6`
`7`		`-use function PHPUnit\Framework\isNull;`
`8`		`-`
`9`	`7`	`class RefreshResult`
`10`	`8`	`{`
`11`	`9`
Original file line number	Diff line number	Diff line change
`@@ -167,12 +167,16 @@ private function filterPolicy(array $params)`
`167`	`167`
`168`	`168`	`private function filterSTSEndpoint(array $params)`
`169`	`169`	`{`
	`170`	`+ $prefix = 'sts';`
	`171`	`+ if (Helper::envNotEmpty('ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED') \|\| (isset($params['enableVpc']) && $params['enableVpc'] === true)) {`
	`172`	`+ $prefix = 'sts-vpc';`
	`173`	`+ }`
`170`	`174`	`if (Helper::envNotEmpty('ALIBABA_CLOUD_STS_REGION')) {`
`171`		`- $this->stsEndpoint = 'sts' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';`
	`175`	`+ $this->stsEndpoint = $prefix . '.' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';`
`172`	`176`	`}`
`173`	`177`
`174`	`178`	`if (isset($params['stsRegionId'])) {`
`175`		`- $this->stsEndpoint = 'sts' . $params['stsRegionId'] . '.aliyuncs.com';`
	`179`	`+ $this->stsEndpoint = $prefix . '.' . $params['stsRegionId'] . '.aliyuncs.com';`
`176`	`180`	`}`
`177`	`181`
`178`	`182`	`if (isset($params['stsEndpoint'])) {`
`@@ -249,7 +253,7 @@ public function refreshCredentials()`
`249`	`253`	`'securityToken' => $credentials['SecurityToken'],`
`250`	`254`	`'expiration' => \strtotime($credentials['Expiration']),`
`251`	`255`	`'providerName' => $this->getProviderName(),`
`252`		`- ]), $this->getStaleTime(strtotime($credentials['Expiration'])) );`
	`256`	`+ ]), $this->getStaleTime(strtotime($credentials['Expiration'])));`
`253`	`257`	`}`
`254`	`258`
`255`	`259`	`public function key()`
Original file line number	Diff line number	Diff line change
`@@ -149,12 +149,16 @@ private function filterExternalId(array $params)`
`149`	`149`
`150`	`150`	`private function filterSTSEndpoint(array $params)`
`151`	`151`	`{`
	`152`	`+ $prefix = 'sts';`
	`153`	`+ if (Helper::envNotEmpty('ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED') \|\| (isset($params['enableVpc']) && $params['enableVpc'] === true)) {`
	`154`	`+ $prefix = 'sts-vpc';`
	`155`	`+ }`
`152`	`156`	`if (Helper::envNotEmpty('ALIBABA_CLOUD_STS_REGION')) {`
`153`		`- $this->stsEndpoint = 'sts.' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';`
	`157`	`+ $this->stsEndpoint = $prefix . '.' . Helper::env('ALIBABA_CLOUD_STS_REGION') . '.aliyuncs.com';`
`154`	`158`	`}`
`155`	`159`
`156`	`160`	`if (isset($params['stsRegionId'])) {`
`157`		`- $this->stsEndpoint = 'sts.' . $params['stsRegionId'] . '.aliyuncs.com';`
	`161`	`+ $this->stsEndpoint = $prefix . '.' . $params['stsRegionId'] . '.aliyuncs.com';`
`158`	`162`	`}`
`159`	`163`
`160`	`164`	`if (isset($params['stsEndpoint'])) {`